Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in glibc
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in glibc
ID: FEDORA-2018-916dfe0d86
Distribution: Fedora
Plattformen: Fedora 28
Datum: So, 27. Mai 2018, 21:38
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1570246
https://bugzilla.redhat.com/show_bug.cgi?id=1452750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237
Applikationen: GNU C library

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-916dfe0d86
2018-05-27 19:30:55.541742
-------------------------------------------------------------------------------
-

Name : glibc
Product : Fedora 28
Version : 2.27
Release : 15.fc28
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

This update ensures that valgrind works again without installing glibc
debuginfo
packages (RHBZ#1570246). It also addresses a security vulnerability in the
`mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237,
RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream
patches (RHBZ#1452750(.
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu May 24 2018 Florian Weimer <fweimer@redhat.com> - 2.27-15
- Rebuild to add back .symtab section in ld.so (#1570246)
- Switch to upstream version of libidn2 removal (#1452750)
- Auto-sync with upstream branch release/2.27/master,
commit 50df56ca86a281c8fd99a8100aac75539813788d:
- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)
* Thu May 17 2018 Florian Weimer <fweimer@redhat.com> - 2.27-14
- Do not run telinit u on upgrades (#1579225)
* Tue May 15 2018 Florian Weimer <fweimer@redhat.com> - 2.27-13
- Auto-sync with upstream branch release/2.27/master,
commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606:
- sunrpc: Remove stray exports (#1577210)
- gd_GB: Fix typo in abbreviated "May" (swbz#23152)
- realpath: Fix path length overflow (swbz#22786)
- elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419)
- resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)
- manual: Various fixes to the mbstouwcs example, and mbrtowc update
- getlogin_r: return early when linux sentinel value is set
- resolv: Fix crash in resolver on memory allocation failure (swbz#23005)
- Fix signed integer overflow in random_r (swbz#17343)
- RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069)
* Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-12
- Unconditionally build downstream with -mstackrealign for now
* Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-11
- Inherit compiler flags in the original order
* Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-10
- Inherit the -mstackrealign flag if it is set
* Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-9
- Use /usr/bin/python3 for benchmarks scripts (#1577223)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1452750 - glibc: switch to libidn2
https://bugzilla.redhat.com/show_bug.cgi?id=1452750
[ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in
__mempcpy_avx512_no_vzeroupper [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1581275
[ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working
due to RPM ELF processing [Fedora]
https://bugzilla.redhat.com/show_bug.cgi?id=1570246
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung